Tuesday, November 28, 2017
Regular readers of this blog know that I will periodically post about identity theft, hacking, etc. even though not specifically elder law issues. With the end of the year looming, I thought it timely to write about a new report from the GAO, Identity Theft: Improved Collaboration Could Increase Success of IRS Initiatives to Prevent Refund Fraud.
The Internal Revenue Service (IRS) launched an Identity Theft Tax Refund Fraud Information Sharing and Analysis Center (ISAC) pilot for the 2017 filing season. It aims to allow IRS, states, and tax preparation industry partners to quickly share information on identity theft (IDT) refund fraud. The ISAC pilot includes two components: an online platform run by IRS to communicate data on suspected fraud, and an ISAC Partnership, a collaborative organization comprised of IRS, states, and industry, which is intended to be the governance structure. As of November 2017, the ISAC had 48 members: 31 states (including full members and those receiving alerts only), 14 tax preparation companies, and 3 financial institutions. In addition, IRS is using a Rapid Response Team (RRT) in partnership with states and industry members to coordinate responses to IDT refund fraud incidents that pose a significant threat within 24 to 72 hours of being discovered. IRS deployed the RRT for six incidents in 2016 and once in 2017.GAO found that the ISAC pilot aligns with key aspects of all five leading practices for effective pilot design GAO previously identified, but none fully. For example, IRS has worked to incorporate stakeholder input, but its message about the ISAC's benefits has not fully reached states. Further, IRS does not have criteria for assessing whether the pilot's objectives have been met. Without this assessment and better alignment with leading practices, IRS, its partners, and Congress will have difficulty determining the effectiveness of the pilot and whether to implement it more broadly.
Given the number of folks whose personal identifying information was stolen in the Equifax hack, let's hope that the IRS efforts are effective. Stay tuned.